Exam SAP-C02
Question 230

A company's solutions architect is analyzing costs of a multi-application environment. The environment is deployed across multiple Availability Zones in a single AWS Region. After a recent acquisition, the company manages two organizations in AWS Organizations. The company has created multiple service provider applications as AWS PrivateLink-powered VPC endpoint services in one organization. The company has created multiple service consumer applications in the other organization.

Data transfer charges are much higher than the company expected, and the solutions architect needs to reduce the costs. The solutions architect must recommend guidelines for developers to follow when they deploy services. These guidelines must minimize data transfer charges for the whole environment.

Which guidelines meet these requirements? (Choose two.)

    Correct Answer: C, D

    To minimize data transfer charges, it is essential to limit the cross-Availability Zone (AZ) traffic since inter-AZ data transfers incur additional costs. Turning off cross-zone load balancing for the Network Load Balancer (NLB) in all service provider application deployments ensures that requests are handled within the same AZ, reducing the data transferred across AZs, thereby lowering costs. Additionally, ensuring that service consumer compute resources use the Availability Zone-specific endpoint service by using the endpoint's local DNS name directs the traffic within the same AZ, effectively minimizing costly inter-AZ data transfers.
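As an added example (not from the question, the site's explanation or any commenter), a small Python check for the two guidelines in the accepted answer: flag Network Load Balancers that still have cross-zone load balancing enabled, and pick the AZ-specific endpoint DNS name a consumer in a given AZ should use. The attribute key is the real ELBv2 key; the load balancer names, endpoint IDs and DNS entries are constructed, and the zonal-name rule (the AZ appended to the first DNS label) is assumed from the interface endpoint naming pattern.

```python
# Real attribute key returned by ELBv2 describe-load-balancer-attributes.
CROSS_ZONE_KEY = "load_balancing.cross_zone.enabled"

# Constructed sample in the shape of describe-load-balancers merged with
# describe-load-balancer-attributes.
SAMPLE_LBS = [
    {"LoadBalancerName": "svc-orders", "Type": "network",
     "Attributes": [{"Key": CROSS_ZONE_KEY, "Value": "true"}]},
    {"LoadBalancerName": "svc-billing", "Type": "network",
     "Attributes": [{"Key": CROSS_ZONE_KEY, "Value": "false"}]},
    {"LoadBalancerName": "web-alb", "Type": "application",
     "Attributes": [{"Key": CROSS_ZONE_KEY, "Value": "true"}]},
]

# Constructed sample: DnsEntries of one interface endpoint (placeholder IDs).
SAMPLE_DNS = [
    {"DnsName": "vpce-0abc123-x1y2z3.vpce-svc-0def456.us-east-1.vpce.amazonaws.com"},
    {"DnsName": "vpce-0abc123-x1y2z3-us-east-1a.vpce-svc-0def456.us-east-1.vpce.amazonaws.com"},
    {"DnsName": "vpce-0abc123-x1y2z3-us-east-1b.vpce-svc-0def456.us-east-1.vpce.amazonaws.com"},
]

def cross_zone_violations(load_balancers):
    """Guideline C: names of NLBs that still have cross-zone load balancing on.
    Only type "network" is checked; each hit is a place requests can hop AZs."""
    names = []
    for lb in load_balancers:
        if lb.get("Type") != "network":
            continue
        attrs = {a["Key"]: a["Value"] for a in lb.get("Attributes", [])}
        if attrs.get(CROSS_ZONE_KEY, "false").lower() == "true":
            names.append(lb["LoadBalancerName"])
    return names

def zonal_dns_name(dns_entries, az):
    """Guideline D: the AZ-specific endpoint name a consumer in `az` should use.
    Zonal names end their first DNS label with "-<az>"; the regional name does
    not and is never returned. None means the endpoint has no interface in `az`."""
    for entry in dns_entries:
        first_label = entry["DnsName"].split(".")[0]
        if first_label.endswith(f"-{az}"):
            return entry["DnsName"]
    return None

if __name__ == "__main__":
    print("cross-zone enabled on:", cross_zone_violations(SAMPLE_LBS))
    print("us-east-1b consumer uses:", zonal_dns_name(SAMPLE_DNS, "us-east-1b"))
```

A None result from zonal_dns_name is the case to watch for: a consumer placed in an AZ the endpoint does not cover can only reach the service by crossing zones, so the fix is placement, not DNS.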

Discussion
SkyZeroZx (Options: AD)

A. By sharing the subnets that host the service provider applications using AWS Resource Access Manager (RAM), the service consumer applications can be deployed in the same organization's accounts. This allows the traffic between the service consumer and service provider applications to stay within the organization's network, reducing data transfer charges.

D. By using the Availability Zone-specific endpoint service's local DNS name, the service consumer compute resources can directly access the service provider applications within the same Availability Zone. This eliminates the need for cross-Availability Zone data transfer, thus reducing data transfer charges.

xav1er (Options: CD)

- **C. Turn off cross-zone load balancing for the Network Load Balancer in all service provider application deployments.**
- **D. Ensure that service consumer compute resources use the Availability Zone-specific endpoint service by using the endpoint's local DNS name.**

Dgix (Options: BD)

It's B and D. A. Sharing subnets does not directly reduce data transfer charges. C. Turning off cross-zone load balancing does not impact data transfer costs between VPC endpoints and service consumers. E. A Savings Plan reduces costs for compute usage, not specifically for data transfer charges.

mav3r1ck

Turning off cross-zone load balancing can reduce inter-AZ data transfer costs. With cross-zone load balancing disabled, a Network Load Balancer (NLB) only routes requests to targets in the same Availability Zone as the load balancer node that received the request. This setup reduces the data transferred across Availability Zones, thereby reducing costs.

Wardove (Options: CD)

Answer is CD.

D) Obvious option. This approach minimizes data transfer costs by ensuring that traffic between service consumers and service providers stays within the same Availability Zone.

C) Only after setting up your NLB can you create a VPC Endpoint Service (VPC-E) that is powered by AWS PrivateLink. The cross-zone lb feature has been optional for NLB since 2018, so turning off cross-zone load balancing can help ensure that data does not unnecessarily cross Availability Zones, thereby once again reducing data transfer costs. https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/how-elastic-load-balancing-works.html

B) Incorrect: putting the workloads into 1 org would not have any effect on billing either, unless you change the topology profoundly and move away from the VPCE solution, but we are not talking about re-architecting, we are looking to provide guidelines.

A) Incorrect: RAM can be used only within 1 organization.

E) Incorrect: there is no such flavor of Savings Plans; AWS provides 3: Compute, EC2 Instance and SageMaker Savings Plans.

JOKERO

You can also share with specific AWS accounts by account ID, regardless of whether the account is part of an organization.

LazyAutonomy (Options: BD)

Holy bageezus, never seen a discussion thread so divided. @NikkyDicky is spot on - cross zone traffic is indeed where the money is going. I think we all know that. A - appears incorrect, we cannot share subnets between accounts in different AWS Orgs. Even if you could, or even if you chose A+B, it would be impractical to assume all other workloads could be deployed in service provider subnets. Would probably run out of IPs. And even if the subnets were huge and we didn't run out of IPs, there is no mechanism in A to guide developers deploying their workloads to reduce or prevent cross-AZ traffic. You could share the subnets and deploy all provider/consumer workloads in the same set of subnets and still end up with the same huge bill :-)

LazyAutonomy

B - appears correct. @Just_Ninja's explanation nails it. If you use Organizations and you create accounts, then in each member account, the logical identifiers for each availability zone (e.g. "eu-central-1a") are guaranteed to map to the same AZ Physical ID (e.g. "euc1-az3") for all accounts within the Organization. In other words, it's likely that AZ "eu-central-1a" for accounts in OrgABC is not the same as AZ "eu-central-1a" for accounts in OrgXYZ. That's a problem if you're trying to eliminate unnecessary cross-zone traffic. Without this, you could instruct developers to use AZ-specific DNS names and still end up with the same huge bill :-)

LazyAutonomy

C - appears incorrect, but the reason has nothing to do with "compromising high availability". As pointed out by @elmoh, cross-zone load balancing isn't enabled by default in NLBs anyway. See https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#cross-zone-load-balancing. Even if cross-zone load balancing was enabled by default in NLBs, this option doesn't cover the Gateway Load Balancer VPC endpoint service use case.

michele_scar (Options: CD)

B is useless because if you place the resource in the same org but in different AZs you will pay the same as in a different org in different AZs. So B is incorrect (like A and E). That leaves C and D as the solution that should reduce costs.

VerRi (Options: BD)

"The company manages two organisations in AWS Organizations," which means they have one organisation for service providers and one more for consumers.

A. Since applications are created in the provider organisation, sharing the subnet with other accounts within the same organisation has no effect.

B. Combining provider and consumer into one organisation is the first move for Option D.

C. Cross-zone load balancing does not change the amount of data traffic passing through the NLB, it affects how that traffic is distributed across the targets.

D. AZ-specific endpoint helps to reduce data transfer charges because it keeps the traffic in a single AZ and is designed for intra-regional communication within the same account or organization.

E. WTF

ajeeshb (Options: CD)

Answer: C, D

tmlong18 (Options: CD)

I go with C & D. Data transfer cost is based on physical distance (cross-AZ, cross-Region, internal). A & B - a shared VPC doesn't distribute traffic inter-AZ.

Jay_2pt0_1

This question is poorly framed. I go with A & D, not because they are great, but because the others are terrible. You should not have to move into the same org (that can't be the answer). Also, we won't compromise HA, so that can't be the answer either.

seetpt (Options: BD)

BD for me

marszalekm

https://docs.aws.amazon.com/ram/latest/userguide/shareable.html (ec2:Subnet): "Can share with only AWS accounts in its own organization."

bjexamprep (Options: AB)

The question is badly framed. First, we need to define the "Data transfer". Does it mean cross-AZ data transfer or cross-account data transfer? I assume there isn't private network connectivity between the two parties, because they are not even in the same organization, and there is no statement saying they are connected to each other with peering or transit gateway or VPN. So I assume the "Data transfer" is cross-organization data transfer, which is highly possibly internet data transfer cost. So, A and B will be the best answer. If the question designer meant the cross-AZ data transfer and forgot to mention there is already private network connectivity created between the two VPCs, C and D might be the best answer. But we can't assume something without any evidence, right?

tmlong18

AWS PrivateLink is a private network and supports cross-account VPCs.

vip2 (Options: CD)

C, D is the correct one. For C, cross-zone load balancing can distribute traffic across multiple AZs, which increases data transfer costs between AZs. Disabling cross-zone load balancing ensures that traffic remains within the same AZ, reducing the associated data transfer charges. This is particularly important for applications using AWS PrivateLink, as it will help keep data transfers within the same AZ as much as possible.

4555894

B - allows data transfer between linked accounts to be free of charge. D - ensures traffic stays within the same AZ as much as possible, minimizing inter-AZ data transfer costs. CD - Save money.

ayadmawla (Options: AB)

Read B + A: reduce the multi-organisation setup into a single one and then use Resource Sharing. Simple.

duriselvan

D. Ensure that service consumer compute resources use the Availability Zone-specific endpoint service by using the endpoint's local DNS name. This guideline encourages service consumer applications to utilize the local Availability Zone endpoint for the service provider application. This significantly reduces data transfer charges as communication happens within the same Availability Zone, avoiding inter-Availability Zone data transfer fees.

E. Create a Savings Plan that provides adequate coverage for the organization's planned inter-Availability Zone data transfer usage. While not eliminating data transfer charges altogether, a Savings Plan can be beneficial if inter-Availability Zone communication is unavoidable. By committing to a consistent data transfer usage level, the company can receive a discount on its data transfer charges, leading to cost savings.